From f6332a43c35387c4a2dea1746be5fd092890ae0e Mon Sep 17 00:00:00 2001 From: davidovski Date: Mon, 27 Jun 2022 23:09:07 +0100 Subject: added lf and iptables --- repo/augeas/acf.aug | 7 + repo/augeas/augeas.xibuild | 44 + repo/augeas/awall.aug | 9 + repo/augeas/fix-test.patch | 13 + repo/bridge-utils/bridge-utils.xibuild | 32 + repo/bridge-utils/fix-PATH_MAX-on-ppc64le.patch | 26 + repo/ddcutil/ddcutil.xibuild | 25 + repo/dmidecode/dmidecode.xibuild | 23 + .../0000-fix-heap-overflow-in-dns-replies.patch | 66 + .../0001-Retry-on-interrupted-error-in-tftp.patch | 27 + ...fety-checks-to-places-pointed-by-Coverity.patch | 45 + .../0003-Small-safeguard-to-unexpected-data.patch | 30 + .../0004-Fix-bunch-of-warnings-in-auth.c.patch | 80 + ...-Fix-few-coverity-warnings-in-lease-tools.patch | 92 + ...-Fix-coverity-formats-issues-in-blockdata.patch | 23 + .../0007-Retry-dhcp6-ping-on-interrupts.patch | 23 + .../0008-Fix-coverity-warnings-on-dbus.patch | 84 + ...ddress-coverity-issues-detected-in-util.c.patch | 58 + ...-Fix-coverity-detected-issues-in-option.c.patch | 135 ++ ...011-Fix-coverity-detected-issue-in-radv.c.patch | 23 + ...2-Fix-coverity-detected-issues-in-cache.c.patch | 23 + ...overity-issues-detected-in-domain-match.c.patch | 60 + ...Fix-coverity-detected-issues-in-dnsmasq.c.patch | 69 + .../0015-Fix-coverity-issues-in-dnssec.c.patch | 35 + ...-crash-after-re-reading-empty-resolv.conf.patch | 38 + repo/dnsmasq/CVE-2022-0934.patch | 189 +++ repo/dnsmasq/config.h.patch | 12 + repo/dnsmasq/dnsmasq-dnssec.pre-install | 6 + repo/dnsmasq/dnsmasq-dnssec.pre-upgrade | 6 + repo/dnsmasq/dnsmasq.conf.patch | 38 + repo/dnsmasq/dnsmasq.confd | 22 + repo/dnsmasq/dnsmasq.initd | 151 ++ repo/dnsmasq/dnsmasq.pre-install | 6 + repo/dnsmasq/dnsmasq.pre-upgrade | 6 + repo/dnsmasq/dnsmasq.xibuild | 64 + .../01_fix_static_datadir_evaluation.patch | 19 + ...418703_dont_use_abbreviated_sfnet_address.patch | 27 + ...3_fix_420153_filename_whitespace_handling.patch | 43 + ...ix_442782_preprocessor_declaration_syntax.patch | 90 + .../05_fix_439214_error_on_missing_refentry.patch | 33 + repo/docbook2x/06_fix_man_typo.patch | 24 + repo/docbook2x/docbook2x.xibuild | 39 + .../0001-apk-add-instead-of-apt-get-install.patch | 22 + repo/electrum/electrum.xibuild | 31 + repo/freeciv/freeciv.xibuild | 31 + repo/glfw/glfw.xibuild | 23 + repo/i2c-tools/i2c-tools.xibuild | 31 + repo/iptables/ebtables.confd | 15 + repo/iptables/ebtables.initd | 99 ++ repo/iptables/ip6tables.confd | 14 + repo/iptables/iptables.confd | 14 + repo/iptables/iptables.initd | 135 ++ repo/iptables/iptables.xibuild | 59 + repo/iptables/use-sh-iptables-apply.patch | 39 + repo/lf/lf.xibuild | 33 + repo/libmnl/libmnl.xibuild | 36 + repo/libmnl/musl-fix-headers.patch | 13 + repo/libnftnl/libnftnl.xibuild | 31 + repo/libsecp256k1/libsecp256k1.xibuild | 28 + repo/libtheora/automake.patch | 11 + repo/libtheora/enc.patch | 11 + repo/libtheora/fix-mmx.patch | 31 + repo/libtheora/fix-timeb.patch | 75 + repo/libtheora/libtheora-flags.patch | 14 + ...virt-6.0.0-fix_paths_in_libvirt-guests_sh.patch | 35 + repo/libvirt/libvirt-guests.confd | 68 + repo/libvirt/libvirt-guests.initd | 237 +++ repo/libvirt/libvirt.confd | 20 + repo/libvirt/libvirt.initd | 40 + repo/libvirt/libvirt.post-install | 5 + repo/libvirt/libvirt.xibuild | 54 + repo/libvirt/musl-fix-includes.patch | 12 + repo/libvirt/stderr-fix.patch | 13 + repo/libvirt/virtlockd.initd | 24 + repo/libvirt/virtlogd.initd | 24 + repo/lxc/lxc.confd | 10 + repo/lxc/lxc.initd | 163 ++ repo/lxc/lxc.xibuild | 42 + repo/maven/maven.xibuild | 39 + repo/netcf/netcf.xibuild | 26 + repo/npm/dont-check-for-last-version.patch | 15 + repo/npm/npm.xibuild | 89 + repo/npm/npmrc | 6 + repo/perl-path-tiny/perl-path-tiny.xibuild | 26 + .../perl-xml-namespacesupport.xibuild | 24 + repo/perl-xml-sax-base/perl-xml-sax-base.xibuild | 24 + repo/perl-xml-sax/perl-xml-sax.xibuild | 25 + repo/perl-xml-xpath/perl-xml-xpath.xibuild | 24 + repo/poetry/fix-packaging-tags.patch | 97 ++ repo/poetry/poetry.xibuild | 35 + repo/protobuf/protobuf.xibuild | 38 + repo/protobuf/ruby-fix-cflags.patch | 16 + repo/protobuf/skip-failing-tests.patch | 70 + repo/protobuf/trim-rakefile.patch | 74 + .../python-aiohttp-socks.xibuild | 17 + repo/python-aiohttp/python-aiohttp.xibuild | 17 + repo/python-aiorpcx/python-aiorpcx.xibuild | 17 + repo/python-aiosignal/python-aiosignal.xibuild | 17 + .../python-atomicwrites.xibuild | 17 + repo/python-attr/python-attr.xibuild | 17 + repo/python-attrs/python-attrs.xibuild | 17 + repo/python-bitstring/python-bitstring.xibuild | 17 + .../python-charset-normalizer.xibuild | 17 + repo/python-dnspython/python-dnspython.xibuild | 17 + repo/python-ecdsa/python-ecdsa.xibuild | 17 + .../python-exceptiongroup.xibuild | 26 + repo/python-exceptiongroup/use-flit-core.patch | 38 + repo/python-flit-core/python-flit-core.xibuild | 27 + repo/python-frozenlist/python-frozenlist.xibuild | 17 + repo/python-future/python-future.xibuild | 17 + repo/python-hypothesis/python-hypothesis.xibuild | 17 + repo/python-idna-ssl/python-idna-ssl.xibuild | 17 + .../python-importlib-metadata.xibuild | 19 + repo/python-iniconfig/python-iniconfig.xibuild | 17 + repo/python-lark/python-lark.xibuild | 17 + repo/python-logbook/python-logbook.xibuild | 19 + repo/python-matrix-nio/python-matrix-nio.xibuild | 31 + repo/python-nio/python-nio.xibuild | 20 + repo/python-openssl/python-openssl.xibuild | 18 + repo/python-pillow/python-pillow.xibuild | 17 + repo/python-ply/python-ply.xibuild | 17 + repo/python-poetry-core/python-poetry-core.xibuild | 30 + repo/python-py/python-py.xibuild | 17 + .../python-pycryptodomex.xibuild | 17 + repo/python-pyopenssl/python-pyopenssl.xibuild | 17 + .../python-pyqt-builder.xibuild | 17 + repo/python-pyqt5-sip/python-pyqt5-sip.xibuild | 17 + repo/python-pyqt5/python-pyqt5.xibuild | 23 + .../python-pyqtwebengine.xibuild | 26 + repo/python-pyrsistent/python-pyrsistent.xibuild | 27 + repo/python-qrcode/python-qrcode.xibuild | 17 + repo/python-regex/python-regex.xibuild | 17 + repo/python-sip/python-sip.xibuild | 17 + .../python-sortedcontainers.xibuild | 17 + .../python-sphinx-rtd-theme.xibuild | 17 + repo/python-testpath/python-testpath.xibuild | 23 + repo/python-tomlkit/python-tomlkit.xibuild | 17 + repo/python-webcolors/python-webcolors.xibuild | 17 + repo/qt5-qtwebchannel/qt5-qtwebchannel.xibuild | 34 + .../0001-pretend-to-stay-at-5.15.3.patch | 8 + ...hromium-musl-Match-syscalls-to-match-musl.patch | 44 + .../default-pthread-stacksize.patch | 23 + repo/qt5-qtwebengine/ffmpeg5.patch | 151 ++ repo/qt5-qtwebengine/fix-chromium-build.patch | 79 + repo/qt5-qtwebengine/musl-hacks.patch | 13 + repo/qt5-qtwebengine/musl-sandbox.patch | 181 ++ repo/qt5-qtwebengine/nasm.patch | 13 + repo/qt5-qtwebengine/qt-chromium-python3.patch | 1752 ++++++++++++++++++++ repo/qt5-qtwebengine/qt-musl-crashpad.patch | 13 + .../qt5-qtwebengine/qt-musl-dispatch_to_musl.patch | 103 ++ repo/qt5-qtwebengine/qt-musl-elf-arm.patch | 13 + repo/qt5-qtwebengine/qt-musl-execinfo.patch | 108 ++ repo/qt5-qtwebengine/qt-musl-mallinfo.patch | 43 + repo/qt5-qtwebengine/qt-musl-off_t.patch | 10 + repo/qt5-qtwebengine/qt-musl-pread-pwrite.patch | 20 + repo/qt5-qtwebengine/qt-musl-pvalloc.patch | 14 + repo/qt5-qtwebengine/qt-musl-resolve.patch | 61 + repo/qt5-qtwebengine/qt-musl-siginfo_t.patch | 18 + repo/qt5-qtwebengine/qt-musl-stackstart.patch | 22 + .../qt-musl-sysreg-for__WORDSIZE.patch | 14 + .../qt5-qtwebengine/qt-musl-thread-stacksize.patch | 26 + repo/qt5-qtwebengine/qt-musl-tid-caching.patch | 81 + repo/qt5-qtwebengine/qt5-qtwebengine.xibuild | 75 + repo/qt5-qtwebengine/remove-glibc-check.patch | 78 + repo/qt5-qtwebengine/sndio.patch | 142 ++ repo/qt5-qtwebengine/support-python3.patch | 158 ++ repo/qt5-qtwebsockets/qt5-qtwebsockets.xibuild | 31 + repo/raylib/raylib.xibuild | 26 + repo/rpcsvc-proto/rpcsvc-proto.xibuild | 23 + repo/ruby-rake/ruby-rake.xibuild | 34 + repo/tcsh/001-sysmalloc.patch | 15 + .../6974bc35a5cda6eab748e364bd76a860ca66968b.patch | 22 + repo/tcsh/csh.cshrc | 96 ++ repo/tcsh/csh.login | 71 + repo/tcsh/tcsh.post-install | 4 + repo/tcsh/tcsh.post-upgrade | 4 + repo/tcsh/tcsh.pre-deinstall | 4 + repo/tcsh/tcsh.xibuild | 52 + .../fix-latest-libvirt-xml-output.patch | 108 ++ .../tests-remove-sgio-unfiltered.patch | 65 + repo/virt-manager/virt-manager.xibuild | 30 + repo/weechat-matrix/weechat-matrix.post-install | 13 + repo/weechat-matrix/weechat-matrix.xibuild | 38 + 183 files changed, 8823 insertions(+) create mode 100644 repo/augeas/acf.aug create mode 100644 repo/augeas/augeas.xibuild create mode 100644 repo/augeas/awall.aug create mode 100644 repo/augeas/fix-test.patch create mode 100644 repo/bridge-utils/bridge-utils.xibuild create mode 100644 repo/bridge-utils/fix-PATH_MAX-on-ppc64le.patch create mode 100644 repo/ddcutil/ddcutil.xibuild create mode 100644 repo/dmidecode/dmidecode.xibuild create mode 100644 repo/dnsmasq/0000-fix-heap-overflow-in-dns-replies.patch create mode 100644 repo/dnsmasq/0001-Retry-on-interrupted-error-in-tftp.patch create mode 100644 repo/dnsmasq/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch create mode 100644 repo/dnsmasq/0003-Small-safeguard-to-unexpected-data.patch create mode 100644 repo/dnsmasq/0004-Fix-bunch-of-warnings-in-auth.c.patch create mode 100644 repo/dnsmasq/0005-Fix-few-coverity-warnings-in-lease-tools.patch create mode 100644 repo/dnsmasq/0006-Fix-coverity-formats-issues-in-blockdata.patch create mode 100644 repo/dnsmasq/0007-Retry-dhcp6-ping-on-interrupts.patch create mode 100644 repo/dnsmasq/0008-Fix-coverity-warnings-on-dbus.patch create mode 100644 repo/dnsmasq/0009-Address-coverity-issues-detected-in-util.c.patch create mode 100644 repo/dnsmasq/0010-Fix-coverity-detected-issues-in-option.c.patch create mode 100644 repo/dnsmasq/0011-Fix-coverity-detected-issue-in-radv.c.patch create mode 100644 repo/dnsmasq/0012-Fix-coverity-detected-issues-in-cache.c.patch create mode 100644 repo/dnsmasq/0013-Fix-coverity-issues-detected-in-domain-match.c.patch create mode 100644 repo/dnsmasq/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch create mode 100644 repo/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch create mode 100644 repo/dnsmasq/0020-Fix-crash-after-re-reading-empty-resolv.conf.patch create mode 100644 repo/dnsmasq/CVE-2022-0934.patch create mode 100644 repo/dnsmasq/config.h.patch create mode 100644 repo/dnsmasq/dnsmasq-dnssec.pre-install create mode 100644 repo/dnsmasq/dnsmasq-dnssec.pre-upgrade create mode 100644 repo/dnsmasq/dnsmasq.conf.patch create mode 100644 repo/dnsmasq/dnsmasq.confd create mode 100644 repo/dnsmasq/dnsmasq.initd create mode 100644 repo/dnsmasq/dnsmasq.pre-install create mode 100644 repo/dnsmasq/dnsmasq.pre-upgrade create mode 100644 repo/dnsmasq/dnsmasq.xibuild create mode 100644 repo/docbook2x/01_fix_static_datadir_evaluation.patch create mode 100644 repo/docbook2x/02_fix_418703_dont_use_abbreviated_sfnet_address.patch create mode 100644 repo/docbook2x/03_fix_420153_filename_whitespace_handling.patch create mode 100644 repo/docbook2x/04_fix_442782_preprocessor_declaration_syntax.patch create mode 100644 repo/docbook2x/05_fix_439214_error_on_missing_refentry.patch create mode 100644 repo/docbook2x/06_fix_man_typo.patch create mode 100644 repo/docbook2x/docbook2x.xibuild create mode 100644 repo/electrum/0001-apk-add-instead-of-apt-get-install.patch create mode 100644 repo/electrum/electrum.xibuild create mode 100644 repo/freeciv/freeciv.xibuild create mode 100644 repo/glfw/glfw.xibuild create mode 100644 repo/i2c-tools/i2c-tools.xibuild create mode 100644 repo/iptables/ebtables.confd create mode 100644 repo/iptables/ebtables.initd create mode 100644 repo/iptables/ip6tables.confd create mode 100644 repo/iptables/iptables.confd create mode 100644 repo/iptables/iptables.initd create mode 100644 repo/iptables/iptables.xibuild create mode 100644 repo/iptables/use-sh-iptables-apply.patch create mode 100644 repo/lf/lf.xibuild create mode 100644 repo/libmnl/libmnl.xibuild create mode 100644 repo/libmnl/musl-fix-headers.patch create mode 100644 repo/libnftnl/libnftnl.xibuild create mode 100644 repo/libsecp256k1/libsecp256k1.xibuild create mode 100644 repo/libtheora/automake.patch create mode 100644 repo/libtheora/enc.patch create mode 100644 repo/libtheora/fix-mmx.patch create mode 100644 repo/libtheora/fix-timeb.patch create mode 100644 repo/libtheora/libtheora-flags.patch create mode 100644 repo/libvirt/libvirt-6.0.0-fix_paths_in_libvirt-guests_sh.patch create mode 100644 repo/libvirt/libvirt-guests.confd create mode 100644 repo/libvirt/libvirt-guests.initd create mode 100644 repo/libvirt/libvirt.confd create mode 100644 repo/libvirt/libvirt.initd create mode 100755 repo/libvirt/libvirt.post-install create mode 100644 repo/libvirt/libvirt.xibuild create mode 100644 repo/libvirt/musl-fix-includes.patch create mode 100644 repo/libvirt/stderr-fix.patch create mode 100644 repo/libvirt/virtlockd.initd create mode 100644 repo/libvirt/virtlogd.initd create mode 100644 repo/lxc/lxc.confd create mode 100644 repo/lxc/lxc.initd create mode 100644 repo/lxc/lxc.xibuild create mode 100644 repo/maven/maven.xibuild create mode 100644 repo/netcf/netcf.xibuild create mode 100644 repo/npm/dont-check-for-last-version.patch create mode 100644 repo/npm/npm.xibuild create mode 100644 repo/npm/npmrc create mode 100644 repo/perl-path-tiny/perl-path-tiny.xibuild create mode 100644 repo/perl-xml-namespacesupport/perl-xml-namespacesupport.xibuild create mode 100644 repo/perl-xml-sax-base/perl-xml-sax-base.xibuild create mode 100644 repo/perl-xml-sax/perl-xml-sax.xibuild create mode 100644 repo/perl-xml-xpath/perl-xml-xpath.xibuild create mode 100644 repo/poetry/fix-packaging-tags.patch create mode 100644 repo/poetry/poetry.xibuild create mode 100644 repo/protobuf/protobuf.xibuild create mode 100644 repo/protobuf/ruby-fix-cflags.patch create mode 100644 repo/protobuf/skip-failing-tests.patch create mode 100644 repo/protobuf/trim-rakefile.patch create mode 100644 repo/python-aiohttp-socks/python-aiohttp-socks.xibuild create mode 100644 repo/python-aiohttp/python-aiohttp.xibuild create mode 100644 repo/python-aiorpcx/python-aiorpcx.xibuild create mode 100644 repo/python-aiosignal/python-aiosignal.xibuild create mode 100644 repo/python-atomicwrites/python-atomicwrites.xibuild create mode 100644 repo/python-attr/python-attr.xibuild create mode 100644 repo/python-attrs/python-attrs.xibuild create mode 100644 repo/python-bitstring/python-bitstring.xibuild create mode 100644 repo/python-charset-normalizer/python-charset-normalizer.xibuild create mode 100644 repo/python-dnspython/python-dnspython.xibuild create mode 100644 repo/python-ecdsa/python-ecdsa.xibuild create mode 100644 repo/python-exceptiongroup/python-exceptiongroup.xibuild create mode 100644 repo/python-exceptiongroup/use-flit-core.patch create mode 100644 repo/python-flit-core/python-flit-core.xibuild create mode 100644 repo/python-frozenlist/python-frozenlist.xibuild create mode 100644 repo/python-future/python-future.xibuild create mode 100644 repo/python-hypothesis/python-hypothesis.xibuild create mode 100644 repo/python-idna-ssl/python-idna-ssl.xibuild create mode 100644 repo/python-importlib-metadata/python-importlib-metadata.xibuild create mode 100644 repo/python-iniconfig/python-iniconfig.xibuild create mode 100644 repo/python-lark/python-lark.xibuild create mode 100644 repo/python-logbook/python-logbook.xibuild create mode 100644 repo/python-matrix-nio/python-matrix-nio.xibuild create mode 100644 repo/python-nio/python-nio.xibuild create mode 100644 repo/python-openssl/python-openssl.xibuild create mode 100644 repo/python-pillow/python-pillow.xibuild create mode 100644 repo/python-ply/python-ply.xibuild create mode 100644 repo/python-poetry-core/python-poetry-core.xibuild create mode 100644 repo/python-py/python-py.xibuild create mode 100644 repo/python-pycryptodomex/python-pycryptodomex.xibuild create mode 100644 repo/python-pyopenssl/python-pyopenssl.xibuild create mode 100644 repo/python-pyqt-builder/python-pyqt-builder.xibuild create mode 100644 repo/python-pyqt5-sip/python-pyqt5-sip.xibuild create mode 100644 repo/python-pyqt5/python-pyqt5.xibuild create mode 100644 repo/python-pyqtwebengine/python-pyqtwebengine.xibuild create mode 100644 repo/python-pyrsistent/python-pyrsistent.xibuild create mode 100644 repo/python-qrcode/python-qrcode.xibuild create mode 100644 repo/python-regex/python-regex.xibuild create mode 100644 repo/python-sip/python-sip.xibuild create mode 100644 repo/python-sortedcontainers/python-sortedcontainers.xibuild create mode 100644 repo/python-sphinx-rtd-theme/python-sphinx-rtd-theme.xibuild create mode 100644 repo/python-testpath/python-testpath.xibuild create mode 100644 repo/python-tomlkit/python-tomlkit.xibuild create mode 100644 repo/python-webcolors/python-webcolors.xibuild create mode 100644 repo/qt5-qtwebchannel/qt5-qtwebchannel.xibuild create mode 100644 repo/qt5-qtwebengine/0001-pretend-to-stay-at-5.15.3.patch create mode 100644 repo/qt5-qtwebengine/0010-chromium-musl-Match-syscalls-to-match-musl.patch create mode 100644 repo/qt5-qtwebengine/default-pthread-stacksize.patch create mode 100644 repo/qt5-qtwebengine/ffmpeg5.patch create mode 100644 repo/qt5-qtwebengine/fix-chromium-build.patch create mode 100644 repo/qt5-qtwebengine/musl-hacks.patch create mode 100644 repo/qt5-qtwebengine/musl-sandbox.patch create mode 100644 repo/qt5-qtwebengine/nasm.patch create mode 100644 repo/qt5-qtwebengine/qt-chromium-python3.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-crashpad.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-dispatch_to_musl.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-elf-arm.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-execinfo.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-mallinfo.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-off_t.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-pread-pwrite.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-pvalloc.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-resolve.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-siginfo_t.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-stackstart.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-sysreg-for__WORDSIZE.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-thread-stacksize.patch create mode 100644 repo/qt5-qtwebengine/qt-musl-tid-caching.patch create mode 100644 repo/qt5-qtwebengine/qt5-qtwebengine.xibuild create mode 100644 repo/qt5-qtwebengine/remove-glibc-check.patch create mode 100644 repo/qt5-qtwebengine/sndio.patch create mode 100644 repo/qt5-qtwebengine/support-python3.patch create mode 100644 repo/qt5-qtwebsockets/qt5-qtwebsockets.xibuild create mode 100644 repo/raylib/raylib.xibuild create mode 100644 repo/rpcsvc-proto/rpcsvc-proto.xibuild create mode 100644 repo/ruby-rake/ruby-rake.xibuild create mode 100644 repo/tcsh/001-sysmalloc.patch create mode 100644 repo/tcsh/6974bc35a5cda6eab748e364bd76a860ca66968b.patch create mode 100644 repo/tcsh/csh.cshrc create mode 100644 repo/tcsh/csh.login create mode 100644 repo/tcsh/tcsh.post-install create mode 100644 repo/tcsh/tcsh.post-upgrade create mode 100644 repo/tcsh/tcsh.pre-deinstall create mode 100644 repo/tcsh/tcsh.xibuild create mode 100644 repo/virt-manager/fix-latest-libvirt-xml-output.patch create mode 100644 repo/virt-manager/tests-remove-sgio-unfiltered.patch create mode 100644 repo/virt-manager/virt-manager.xibuild create mode 100644 repo/weechat-matrix/weechat-matrix.post-install create mode 100644 repo/weechat-matrix/weechat-matrix.xibuild (limited to 'repo') diff --git a/repo/augeas/acf.aug b/repo/augeas/acf.aug new file mode 100644 index 0000000..377c0a8 --- /dev/null +++ b/repo/augeas/acf.aug @@ -0,0 +1,7 @@ +(* Copyright (C) 2016 Kaarle Ritvanen *) + +module Acf = + +autoload xfm + +let xfm = transform IniFile.lns_loose (incl "/etc/acf/acf.conf") diff --git a/repo/augeas/augeas.xibuild b/repo/augeas/augeas.xibuild new file mode 100644 index 0000000..2064482 --- /dev/null +++ b/repo/augeas/augeas.xibuild @@ -0,0 +1,44 @@ +#!/bin/sh + +NAME="augeas" +DESC="A configuration editing tool" + +MAKEDEPS=" autoconf automake libxml2 readline libtool" + +PKG_VER=1.12.0 +SOURCE="http://download.augeas.net/augeas-$PKG_VER.tar.gz" + +ADDITIONAL=" +acf.aug +awall.aug +fix-test.patch +" + +prepare() { + apply_patches + autoreconf -f -i +} + +build() { + ./configure \ + --prefix=/usr \ + --sysconfdir=/etc \ + --mandir=/usr/share/man \ + --infodir=/usr/share/info \ + --enable-static \ + --enable-shared \ + --disable-gnulib-tests + make +} + +package() { + make DESTDIR="$PKG_DEST" install + rm -rf "$PKG_DEST"/usr/lib/charset.alias + # Upstream packaging mistake, this should never have been installed + rm -f "$PKG_DEST"/usr/bin/dump + + local lens + for lens in acf awall; do + install -m 644 "$BUILD_ROOT"/$lens.aug "$PKG_DEST"/usr/share/augeas/lenses + done +} diff --git a/repo/augeas/awall.aug b/repo/augeas/awall.aug new file mode 100644 index 0000000..e4432d2 --- /dev/null +++ b/repo/augeas/awall.aug @@ -0,0 +1,9 @@ +(* Copyright (C) 2018 Kaarle Ritvanen *) + +module Awall = + +autoload xfm + +let xfm = transform Json.lns ( + incl "/etc/awall/*.json" . incl "/etc/awall/*/*.json" +) diff --git a/repo/augeas/fix-test.patch b/repo/augeas/fix-test.patch new file mode 100644 index 0000000..540aeba --- /dev/null +++ b/repo/augeas/fix-test.patch @@ -0,0 +1,13 @@ +diff --git a/tests/test-preserve.sh b/tests/test-preserve.sh +index 40b8689..f3e9b87 100755 +--- a/tests/test-preserve.sh ++++ b/tests/test-preserve.sh +@@ -40,7 +40,7 @@ if [ $? != 0 ] ; then + exit 1 + fi + +-act_group=$(ls -l $hosts | sed -e 's/ */ /g' | cut -d ' ' -f 4) ++act_group=$(stat -c "%G" $hosts) + act_mode=$(ls -l $hosts | cut -b 1-10) + if [ $selinux = yes ] ; then + act_con=$(stat --format=%C $hosts | cut -d ':' -f 3) diff --git a/repo/bridge-utils/bridge-utils.xibuild b/repo/bridge-utils/bridge-utils.xibuild new file mode 100644 index 0000000..cc94b7b --- /dev/null +++ b/repo/bridge-utils/bridge-utils.xibuild @@ -0,0 +1,32 @@ +#!/bin/sh + +NAME="bridge-utils" +DESC="Tools for configuring the Linux kernel 802.1d Ethernet Bridge" + +MAKEDEPS="autoconf linux-headers" + +PKG_VER=1.7.1 +SOURCE="https://git.kernel.org/pub/scm/network/bridge/bridge-utils.git/snapshot/bridge-utils-$PKG_VER.tar.gz" + +ADDITIONAL=" +fix-PATH_MAX-on-ppc64le.patch +" + +prepare() { + apply_patches + autoconf +} + +build() { + ./configure \ + --prefix=/usr \ + --mandir=/usr/share/man \ + --libdir=/usr/lib \ + --includedir=/usr/include + make +} + +package() { + make install DESTDIR="$PKG_DEST" +} + diff --git a/repo/bridge-utils/fix-PATH_MAX-on-ppc64le.patch b/repo/bridge-utils/fix-PATH_MAX-on-ppc64le.patch new file mode 100644 index 0000000..3fa75b9 --- /dev/null +++ b/repo/bridge-utils/fix-PATH_MAX-on-ppc64le.patch @@ -0,0 +1,26 @@ +Author: Milan P. Stanić +Date: Sun May 30 07:40:11 2021 +0000 + +Fix missing PATH_MAX on ppc64le + +--- a/libbridge/libbridge_devif.c 2021-05-30 07:59:46.533574878 +0000 ++++ b/libbridge/libbridge_devif.c 2021-05-30 08:01:09.964036452 +0000 +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #include "libbridge.h" + #include "libbridge_private.h" + +--- a/libbridge/libbridge_init.c 2021-05-30 08:00:15.983737797 +0000 ++++ b/libbridge/libbridge_init.c 2021-05-30 08:00:49.573923635 +0000 +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #include "libbridge.h" + #include "libbridge_private.h" diff --git a/repo/ddcutil/ddcutil.xibuild b/repo/ddcutil/ddcutil.xibuild new file mode 100644 index 0000000..457c922 --- /dev/null +++ b/repo/ddcutil/ddcutil.xibuild @@ -0,0 +1,25 @@ +#!/bin/sh + +NAME="ddcutil" +DESC="Query and change Linux monitor settings using DDC/CI and USB" + +MAKEDEPS="linux-headers autoconf automake libtool eudev libusb i2c-tools libxrandr glib kmod" + +PKG_VER=1.2.2 +SOURCE="https://github.com/rockowitz/ddcutil/archive/v$PKG_VER.tar.gz" + +prepare() { + NOCONFIGURE=1 ./autogen.sh +} + +build() { + ./configure \ + --prefix=/usr \ + --mandir=/usr/share/man + make +} + +package() { + make DESTDIR="$PKG_DEST" install +} + diff --git a/repo/dmidecode/dmidecode.xibuild b/repo/dmidecode/dmidecode.xibuild new file mode 100644 index 0000000..1ab5186 --- /dev/null +++ b/repo/dmidecode/dmidecode.xibuild @@ -0,0 +1,23 @@ +#!/bin/sh + +NAME="dmidecode" +DESC="A utility for reporting system hardware as described by BIOS" + +MAKEDEPS="" + +PKG_VER=3.3 +SOURCE="https://download.savannah.gnu.org/releases/dmidecode/dmidecode-$PKG_VER.tar.xz" + +prepare() { + apply_patches + sed -e '/^PROGRAMS !=/d' -e 's/-O2/-Os/' -i Makefile +} + +build() { + make prefix=/usr +} + +package() { + make prefix=/usr DESTDIR="$PKG_DEST" install +} + diff --git a/repo/dnsmasq/0000-fix-heap-overflow-in-dns-replies.patch b/repo/dnsmasq/0000-fix-heap-overflow-in-dns-replies.patch new file mode 100644 index 0000000..ab15361 --- /dev/null +++ b/repo/dnsmasq/0000-fix-heap-overflow-in-dns-replies.patch @@ -0,0 +1,66 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/dnsmasq-2.77-underflow.patch +-- +From 77c7cabbeab1fbe1f7296f33762771f208586e59 Mon Sep 17 00:00:00 2001 +From: Doran Moppert +Date: Tue, 26 Sep 2017 14:48:20 +0930 +Subject: [PATCH] google patch hand-applied + +--- + src/edns0.c | 10 +++++----- + src/forward.c | 4 ++++ + src/rfc1035.c | 3 +++ + 3 files changed, 12 insertions(+), 5 deletions(-) + +diff --git a/src/edns0.c b/src/edns0.c +index 7bd26b8..7f96414 100644 +--- a/src/edns0.c ++++ b/src/edns0.c +@@ -212,11 +212,11 @@ size_t add_pseudoheader(struct dns_header *header, size_t plen, unsigned char *l + /* Copy back any options */ + if (buff) + { +- if (p + rdlen > limit) +- { +- free(buff); +- return plen; /* Too big */ +- } ++ if (p + rdlen > limit) ++ { ++ free(buff); ++ return plen; /* Too big */ ++ } + memcpy(p, buff, rdlen); + free(buff); + p += rdlen; +diff --git a/src/forward.c b/src/forward.c +index 3d638e4..e254e35 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -1558,6 +1558,10 @@ void receive_query(struct listener *listen, time_t now) + udp_size = PACKETSZ; /* Sanity check - can't reduce below default. RFC 6891 6.2.3 */ + } + ++ // Make sure the udp size is not smaller than the incoming message so that we ++ // do not underflow ++ if (udp_size < n) udp_size = n; ++ + #ifdef HAVE_CONNTRACK + #ifdef HAVE_AUTH + if (!auth_dns || local_auth) +diff --git a/src/rfc1035.c b/src/rfc1035.c +index 6fc4f26..66fa00c 100644 +--- a/src/rfc1035.c ++++ b/src/rfc1035.c +@@ -1396,6 +1396,9 @@ size_t answer_request(struct dns_header *header, char *limit, size_t qlen, + size_t len; + int rd_bit = (header->hb3 & HB3_RD); + ++ // Make sure we do not underflow here too. ++ if (qlen > (limit - ((char *)header))) return 0; ++ + /* never answer queries with RD unset, to avoid cache snooping. */ + if (ntohs(header->ancount) != 0 || + ntohs(header->nscount) != 0 || +-- +2.31.1 + diff --git a/repo/dnsmasq/0001-Retry-on-interrupted-error-in-tftp.patch b/repo/dnsmasq/0001-Retry-on-interrupted-error-in-tftp.patch new file mode 100644 index 0000000..6fa3ac3 --- /dev/null +++ b/repo/dnsmasq/0001-Retry-on-interrupted-error-in-tftp.patch @@ -0,0 +1,27 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0001-Retry-on-interrupted-error-in-tftp.patch (backport from upstream) +-- +From f5f56c001dddd486859dc6301e6cbe00ba604fe8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Wed, 18 Aug 2021 10:09:35 +0200 +Subject: [PATCH 01/15] Retry on interrupted error in tftp + +Interrupt might arrive when sending error reply. Retry if possible. + +Wrong Check of Return Value + +diff --git a/src/tftp.c b/src/tftp.c +index 37bdff2..3d87523 100644 +--- a/src/tftp.c ++++ b/src/tftp.c +@@ -600,7 +600,7 @@ void check_tftp_listeners(time_t now) + /* Wrong source address. See rfc1350 para 4. */ + prettyprint_addr(&peer, daemon->addrbuff); + len = tftp_err(ERR_TID, daemon->packet, _("ignoring packet from %s (TID mismatch)"), daemon->addrbuff); +- sendto(transfer->sockfd, daemon->packet, len, 0, &peer.sa, sa_len(&peer)); ++ while(retry_send(sendto(transfer->sockfd, daemon->packet, len, 0, &peer.sa, sa_len(&peer)))); + } + } + } +-- +2.31.1 + diff --git a/repo/dnsmasq/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch b/repo/dnsmasq/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch new file mode 100644 index 0000000..1c84ecd --- /dev/null +++ b/repo/dnsmasq/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch @@ -0,0 +1,45 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0002-Add-safety-checks-to-places-pointed-by-Coverity.patch (backport from upstream) +-- +From 061013293ceddce509ae06a31a045e803103f1ce Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Wed, 18 Aug 2021 14:59:23 +0200 +Subject: [PATCH 02/15] Add safety checks to places pointed by Coverity + +diff --git a/src/cache.c b/src/cache.c +index 8add610..97c51a7 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -433,7 +433,7 @@ static struct crec *cache_scan_free(char *name, union all_addr *addr, unsigned s + else if (!(crecp->flags & (F_HOSTS | F_DHCP | F_CONFIG)) && + (flags & crecp->flags & F_REVERSE) && + (flags & crecp->flags & (F_IPV4 | F_IPV6)) && +- memcmp(&crecp->addr, addr, addrlen) == 0) ++ addr && memcmp(&crecp->addr, addr, addrlen) == 0) + { + *up = crecp->hash_next; + cache_unlink(crecp); +@@ -2013,7 +2013,7 @@ void log_query(unsigned int flags, char *name, union all_addr *addr, char *arg) + else + source = "cached"; + +- if (strlen(name) == 0) ++ if (name && !name[0]) + name = "."; + + if (option_bool(OPT_EXTRALOG)) +diff --git a/src/forward.c b/src/forward.c +index 3d638e4..f07c908 100644 +--- a/src/forward.c ++++ b/src/forward.c +@@ -2276,7 +2276,7 @@ int allocate_rfd(struct randfd_list **fdlp, struct server *serv) + } + } + +- if (j == daemon->numrrand) ++ if (!rfd) /* should be when j == daemon->numrrand */ + { + struct randfd_list *rfl_poll; + +-- +2.31.1 + diff --git a/repo/dnsmasq/0003-Small-safeguard-to-unexpected-data.patch b/repo/dnsmasq/0003-Small-safeguard-to-unexpected-data.patch new file mode 100644 index 0000000..8d90e96 --- /dev/null +++ b/repo/dnsmasq/0003-Small-safeguard-to-unexpected-data.patch @@ -0,0 +1,30 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0003-Small-safeguard-to-unexpected-data.patch +-- +From 920cd815bafea084f68cc4309399aea77bd7f66b Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 14:11:42 +0200 +Subject: [PATCH 03/15] Small safeguard to unexpected data + +Make sure negative index is not used for comparison. It seems code in +option parsing does not allow it to be empty, but insist on it also in +this place. +--- + src/dhcp-common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/dhcp-common.c b/src/dhcp-common.c +index 73568a9..85b269a 100644 +--- a/src/dhcp-common.c ++++ b/src/dhcp-common.c +@@ -88,7 +88,7 @@ int match_netid_wild(struct dhcp_netid *check, struct dhcp_netid *pool) + for (; check; check = check->next) + { + const int check_len = strlen(check->net); +- const int is_wc = (check->net[check_len - 1] == '*'); ++ const int is_wc = (check_len > 0 && check->net[check_len - 1] == '*'); + + /* '#' for not is for backwards compat. */ + if (check->net[0] != '!' && check->net[0] != '#') +-- +2.31.1 + diff --git a/repo/dnsmasq/0004-Fix-bunch-of-warnings-in-auth.c.patch b/repo/dnsmasq/0004-Fix-bunch-of-warnings-in-auth.c.patch new file mode 100644 index 0000000..f3b7caa --- /dev/null +++ b/repo/dnsmasq/0004-Fix-bunch-of-warnings-in-auth.c.patch @@ -0,0 +1,80 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0004-Fix-bunch-of-warnings-in-auth.c.patch (backport from upstream) +-- +From e61af561900b4d2dd976a575b2efd388be092742 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 16:00:35 +0200 +Subject: [PATCH 04/15] Fix bunch of warnings in auth.c + +diff --git a/src/auth.c b/src/auth.c +index 172a4b2..4f03c39 100644 +--- a/src/auth.c ++++ b/src/auth.c +@@ -417,7 +417,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + + if (!found && is_name_synthetic(flag, name, &addr) ) + { +- found = 1; + nxdomain = 0; + + log_query(F_FORWARD | F_CONFIG | flag, name, &addr, NULL); +@@ -433,7 +432,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + if (qtype == T_SOA) + { + auth = soa = 1; /* inhibits auth section */ +- found = 1; + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + } + else if (qtype == T_AXFR) +@@ -469,7 +467,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + soa = 1; /* inhibits auth section */ + ns = 1; /* ensure we include NS records! */ + axfr = 1; +- found = 1; + axfroffset = nameoffset; + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + } +@@ -477,7 +474,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + { + auth = 1; + ns = 1; /* inhibits auth section */ +- found = 1; + log_query(F_RRNAME | F_AUTH, zone->domain, NULL, ""); + } + } +@@ -498,7 +494,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + *cut = '.'; /* restore domain part */ + log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); + *cut = 0; /* remove domain part */ +- found = 1; + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, + daemon->auth_ttl, NULL, qtype, C_IN, + qtype == T_A ? "4" : "6", &crecp->addr)) +@@ -519,7 +514,6 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr)))) + { + log_query(crecp->flags, name, &crecp->addr, record_source(crecp->uid)); +- found = 1; + if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, + daemon->auth_ttl, NULL, qtype, C_IN, + qtype == T_A ? "4" : "6", &crecp->addr)) +@@ -614,7 +608,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + if (subnet->prefixlen >= 16 ) + p += sprintf(p, "%u.", a & 0xff); + a = a >> 8; +- p += sprintf(p, "%u.in-addr.arpa", a & 0xff); ++ sprintf(p, "%u.in-addr.arpa", a & 0xff); + + } + else +@@ -627,7 +621,7 @@ size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t n + int dig = ((unsigned char *)&subnet->addr.addr6)[i>>3]; + p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4); + } +- p += sprintf(p, "ip6.arpa"); ++ sprintf(p, "ip6.arpa"); + + } + } +-- +2.31.1 + diff --git a/repo/dnsmasq/0005-Fix-few-coverity-warnings-in-lease-tools.patch b/repo/dnsmasq/0005-Fix-few-coverity-warnings-in-lease-tools.patch new file mode 100644 index 0000000..dafed7d --- /dev/null +++ b/repo/dnsmasq/0005-Fix-few-coverity-warnings-in-lease-tools.patch @@ -0,0 +1,92 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0005-Fix-few-coverity-warnings-in-lease-tools.patch (backport from upstream) +-- +From be7f213066282baeed46cc34223601c462db9cbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 16:32:05 +0200 +Subject: [PATCH 05/15] Fix few coverity warnings in lease-tools + +diff --git a/contrib/lease-tools/dhcp_release.c b/contrib/lease-tools/dhcp_release.c +index c1c835b..84f5610 100644 +--- a/contrib/lease-tools/dhcp_release.c ++++ b/contrib/lease-tools/dhcp_release.c +@@ -280,6 +280,7 @@ int main(int argc, char **argv) + + /* This voodoo fakes up a packet coming from the correct interface, which really matters for + a DHCP server */ ++ memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_name, argv[1], sizeof(ifr.ifr_name)-1); + ifr.ifr_name[sizeof(ifr.ifr_name)-1] = '\0'; + if (setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, &ifr, sizeof(ifr)) == -1) +diff --git a/contrib/lease-tools/dhcp_release6.c b/contrib/lease-tools/dhcp_release6.c +index d680222..9b3438f 100644 +--- a/contrib/lease-tools/dhcp_release6.c ++++ b/contrib/lease-tools/dhcp_release6.c +@@ -318,6 +318,12 @@ void usage(const char* arg, FILE* stream) + fprintf (stream, "Usage: %s %s\n", arg, usage_string); + } + ++static void fail_fatal(const char *errstr, int exitcode) ++{ ++ perror(errstr); ++ exit(exitcode); ++} ++ + int send_release_packet(const char* iface, struct dhcp6_packet* packet) + { + struct sockaddr_in6 server_addr, client_addr; +@@ -343,18 +349,19 @@ int send_release_packet(const char* iface, struct dhcp6_packet* packet) + client_addr.sin6_port = htons(DHCP6_CLIENT_PORT); + client_addr.sin6_flowinfo = 0; + client_addr.sin6_scope_id =0; +- inet_pton(AF_INET6, "::", &client_addr.sin6_addr); +- bind(sock, (struct sockaddr*)&client_addr, sizeof(struct sockaddr_in6)); +- inet_pton(AF_INET6, DHCP6_MULTICAST_ADDRESS, &server_addr.sin6_addr); ++ if (inet_pton(AF_INET6, "::", &client_addr.sin6_addr) <= 0) ++ fail_fatal("inet_pton", 5); ++ if (bind(sock, (struct sockaddr*)&client_addr, sizeof(struct sockaddr_in6)) != 0) ++ perror("bind"); /* continue on bind error */ ++ if (inet_pton(AF_INET6, DHCP6_MULTICAST_ADDRESS, &server_addr.sin6_addr) <= 0) ++ fail_fatal("inet_pton", 5); + server_addr.sin6_port = htons(DHCP6_SERVER_PORT); +- int16_t recv_size = 0; ++ ssize_t recv_size = 0; ++ int result; + for (i = 0; i < 5; i++) + { + if (sendto(sock, packet->buf, packet->len, 0, (struct sockaddr *)&server_addr, sizeof(server_addr)) < 0) +- { +- perror("sendto failed"); +- exit(4); +- } ++ fail_fatal("sendto failed", 4); + + recv_size = recvfrom(sock, response, sizeof(response), MSG_DONTWAIT, NULL, 0); + if (recv_size == -1) +@@ -367,16 +374,18 @@ int send_release_packet(const char* iface, struct dhcp6_packet* packet) + else + { + perror("recvfrom"); ++ result = UNSPEC_FAIL; + } + } +- +- int16_t result = parse_packet(response, recv_size); +- if (result == NOT_REPLY_CODE) ++ else + { +- sleep(1); +- continue; ++ result = parse_packet(response, recv_size); ++ if (result == NOT_REPLY_CODE) ++ { ++ sleep(1); ++ continue; ++ } + } +- + close(sock); + return result; + } +-- +2.31.1 + diff --git a/repo/dnsmasq/0006-Fix-coverity-formats-issues-in-blockdata.patch b/repo/dnsmasq/0006-Fix-coverity-formats-issues-in-blockdata.patch new file mode 100644 index 0000000..441fbef --- /dev/null +++ b/repo/dnsmasq/0006-Fix-coverity-formats-issues-in-blockdata.patch @@ -0,0 +1,23 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0006-Fix-coverity-formats-issues-in-blockdata.patch (backport from upstream) +-- +From 3a077065ce846e301b532127ebecdd2771ad75ed Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 16:41:00 +0200 +Subject: [PATCH 06/15] Fix coverity formats issues in blockdata + +diff --git a/src/blockdata.c b/src/blockdata.c +index f7740b5..0986285 100644 +--- a/src/blockdata.c ++++ b/src/blockdata.c +@@ -52,7 +52,7 @@ void blockdata_init(void) + + void blockdata_report(void) + { +- my_syslog(LOG_INFO, _("pool memory in use %u, max %u, allocated %u"), ++ my_syslog(LOG_INFO, _("pool memory in use %zu, max %zu, allocated %zu"), + blockdata_count * sizeof(struct blockdata), + blockdata_hwm * sizeof(struct blockdata), + blockdata_alloced * sizeof(struct blockdata)); +-- +2.31.1 + diff --git a/repo/dnsmasq/0007-Retry-dhcp6-ping-on-interrupts.patch b/repo/dnsmasq/0007-Retry-dhcp6-ping-on-interrupts.patch new file mode 100644 index 0000000..7fea553 --- /dev/null +++ b/repo/dnsmasq/0007-Retry-dhcp6-ping-on-interrupts.patch @@ -0,0 +1,23 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0007-Retry-dhcp6-ping-on-interrupts.patch (backport from upstream) +-- +From 467b621fb7da6e1318ac7204325b0adb01b3ff19 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 16:48:50 +0200 +Subject: [PATCH 07/15] Retry dhcp6 ping on interrupts + +diff --git a/src/dhcp6.c b/src/dhcp6.c +index 2be877f..ae1f5c1 100644 +--- a/src/dhcp6.c ++++ b/src/dhcp6.c +@@ -292,7 +292,7 @@ void get_client_mac(struct in6_addr *client, int iface, unsigned char *mac, unsi + if ((maclen = find_mac(&addr, mac, 0, now)) != 0) + break; + +- sendto(daemon->icmp6fd, &neigh, sizeof(neigh), 0, &addr.sa, sizeof(addr)); ++ while(retry_send(sendto(daemon->icmp6fd, &neigh, sizeof(neigh), 0, &addr.sa, sizeof(addr)))); + + ts.tv_sec = 0; + ts.tv_nsec = 100000000; /* 100ms */ +-- +2.31.1 + diff --git a/repo/dnsmasq/0008-Fix-coverity-warnings-on-dbus.patch b/repo/dnsmasq/0008-Fix-coverity-warnings-on-dbus.patch new file mode 100644 index 0000000..160d4d0 --- /dev/null +++ b/repo/dnsmasq/0008-Fix-coverity-warnings-on-dbus.patch @@ -0,0 +1,84 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0008-Fix-coverity-warnings-on-dbus.patch (backport from upstream) +-- +From bbfdf6a435cbd5f71ae76f962ce86786346589aa Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 17:19:05 +0200 +Subject: [PATCH 08/15] Fix coverity warnings on dbus + +diff --git a/src/dbus.c b/src/dbus.c +index cbdce9c..d746b9a 100644 +--- a/src/dbus.c ++++ b/src/dbus.c +@@ -114,7 +114,7 @@ static dbus_bool_t add_watch(DBusWatch *watch, void *data) + w->next = daemon->watches; + daemon->watches = w; + +- w = data; /* no warning */ ++ (void)data; /* no warning */ + return TRUE; + } + +@@ -134,16 +134,20 @@ static void remove_watch(DBusWatch *watch, void *data) + up = &(w->next); + } + +- w = data; /* no warning */ ++ (void)data; /* no warning */ + } + +-static void dbus_read_servers(DBusMessage *message) ++static DBusMessage* dbus_read_servers(DBusMessage *message) + { + DBusMessageIter iter; + union mysockaddr addr, source_addr; + char *domain; + +- dbus_message_iter_init(message, &iter); ++ if (!dbus_message_iter_init(message, &iter)) ++ { ++ return dbus_message_new_error(message, DBUS_ERROR_INVALID_ARGS, ++ "Failed to initialize dbus message iter"); ++ } + + mark_servers(SERV_FROM_DBUS); + +@@ -222,6 +226,7 @@ static void dbus_read_servers(DBusMessage *message) + + /* unlink and free anything still marked. */ + cleanup_servers(); ++ return NULL; + } + + #ifdef HAVE_LOOP +@@ -545,6 +550,10 @@ static DBusMessage *dbus_add_lease(DBusMessage* message) + "Invalid IP address '%s'", ipaddr); + + hw_len = parse_hex((char*)hwaddr, dhcp_chaddr, DHCP_CHADDR_MAX, NULL, &hw_type); ++ if (hw_len < 0) ++ return dbus_message_new_error_printf(message, DBUS_ERROR_INVALID_ARGS, ++ "Invalid HW address '%s'", hwaddr); ++ + if (hw_type == 0 && hw_len != 0) + hw_type = ARPHRD_ETHER; + +@@ -668,7 +677,7 @@ DBusHandlerResult message_handler(DBusConnection *connection, + #endif + else if (strcmp(method, "SetServers") == 0) + { +- dbus_read_servers(message); ++ reply = dbus_read_servers(message); + new_servers = 1; + } + else if (strcmp(method, "SetServersEx") == 0) +@@ -719,7 +728,7 @@ DBusHandlerResult message_handler(DBusConnection *connection, + if (clear_cache) + clear_cache_and_reload(dnsmasq_time()); + +- method = user_data; /* no warning */ ++ (void)user_data; /* no warning */ + + /* If no reply or no error, return nothing */ + if (!reply) +-- +2.31.1 + diff --git a/repo/dnsmasq/0009-Address-coverity-issues-detected-in-util.c.patch b/repo/dnsmasq/0009-Address-coverity-issues-detected-in-util.c.patch new file mode 100644 index 0000000..4dbf56d --- /dev/null +++ b/repo/dnsmasq/0009-Address-coverity-issues-detected-in-util.c.patch @@ -0,0 +1,58 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0009-Address-coverity-issues-detected-in-util.c.patch (backport from upstream) +-- +From 7b975696a7bda5b86fcf168644f177544adb6fe9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 17:38:26 +0200 +Subject: [PATCH 09/15] Address coverity issues detected in util.c + +diff --git a/src/util.c b/src/util.c +index 1425764..8e69d55 100644 +--- a/src/util.c ++++ b/src/util.c +@@ -208,6 +208,8 @@ char *canonicalise(char *in, int *nomem) + /* older libidn2 strips underscores, so don't do IDN processing + if the name has an underscore (check_name() returned 2) */ + if (rc != 2) ++#else ++ (void)rc; + #endif + #if defined(HAVE_IDN) || defined(HAVE_LIBIDN2) + { +@@ -235,11 +237,14 @@ char *canonicalise(char *in, int *nomem) + return ret; + } + #endif +- ++ ++#if !defined(HAVE_LIBIDN2) || (defined(HAVE_LIBIDN2) && (!defined(IDN2_VERSION_NUMBER) || IDN2_VERSION_NUMBER < 0x02000003)) ++ /* If recent libidn2 is used, it cannot reach this code. */ + if ((ret = whine_malloc(strlen(in)+1))) + strcpy(ret, in); + else if (nomem) +- *nomem = 1; ++ *nomem = 1; ++#endif + + return ret; + } +@@ -528,7 +533,7 @@ void prettyprint_time(char *buf, unsigned int t) + if ((x = (t/60)%60)) + p += sprintf(&buf[p], "%um", x); + if ((x = t%60)) +- p += sprintf(&buf[p], "%us", x); ++ sprintf(&buf[p], "%us", x); + } + } + +@@ -574,7 +579,7 @@ int parse_hex(char *in, unsigned char *out, int maxlen, + int j, bytes = (1 + (r - in))/2; + for (j = 0; j < bytes; j++) + { +- char sav = sav; ++ char sav; + if (j < bytes - 1) + { + sav = in[(j+1)*2]; +-- +2.31.1 + diff --git a/repo/dnsmasq/0010-Fix-coverity-detected-issues-in-option.c.patch b/repo/dnsmasq/0010-Fix-coverity-detected-issues-in-option.c.patch new file mode 100644 index 0000000..25b271f --- /dev/null +++ b/repo/dnsmasq/0010-Fix-coverity-detected-issues-in-option.c.patch @@ -0,0 +1,135 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0010-Fix-coverity-detected-issues-in-option.c.patch (backport from upstream) +-- +From db835f8c40e83c6392e69ffc7f2cc500f7682dd4 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 19:23:20 +0200 +Subject: [PATCH 10/15] Fix coverity detected issues in option.c + +diff --git a/src/option.c b/src/option.c +index ffce9fc..11655fd 100644 +--- a/src/option.c ++++ b/src/option.c +@@ -798,7 +798,7 @@ static void do_usage(void) + + if (usage[i].arg) + { +- strcpy(buff, usage[i].arg); ++ safe_strncpy(buff, usage[i].arg, sizeof(buff)); + for (j = 0; tab[j].handle; j++) + if (tab[j].handle == *(usage[i].arg)) + sprintf(buff, "%d", tab[j].val); +@@ -959,7 +959,7 @@ static int domain_rev4(char *domain, struct in_addr addr, int msize) + return 0; + } + +- domain += sprintf(domain, "in-addr.arpa"); ++ sprintf(domain, "in-addr.arpa"); + + return 1; + } +@@ -978,7 +978,7 @@ static int domain_rev6(char *domain, struct in6_addr *addr, int msize) + int dig = ((unsigned char *)addr)[i>>3]; + domain += sprintf(domain, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4); + } +- domain += sprintf(domain, "ip6.arpa"); ++ sprintf(domain, "ip6.arpa"); + + return 1; + } +@@ -1829,6 +1829,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + new->next = li; + *up = new; + } ++ else ++ free(path); + + } + +@@ -1995,7 +1997,11 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + + if (!(name = canonicalise_opt(arg)) || + (comma && !(target = canonicalise_opt(comma)))) +- ret_err(_("bad MX name")); ++ { ++ free(name); ++ free(target); ++ ret_err(_("bad MX name")); ++ } + + new = opt_malloc(sizeof(struct mx_srv_record)); + new->next = daemon->mxnames; +@@ -3616,6 +3622,7 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + inet_ntop(AF_INET, &in, daemon->addrbuff, ADDRSTRLEN); + sprintf(errstr, _("duplicate dhcp-host IP address %s"), + daemon->addrbuff); ++ dhcp_config_free(new); + return 0; + } + } +@@ -3779,16 +3786,16 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + + case LOPT_NAME_MATCH: /* --dhcp-name-match */ + { +- struct dhcp_match_name *new = opt_malloc(sizeof(struct dhcp_match_name)); +- struct dhcp_netid *id = opt_malloc(sizeof(struct dhcp_netid)); ++ struct dhcp_match_name *new; + ssize_t len; + + if (!(comma = split(arg)) || (len = strlen(comma)) == 0) + ret_err(gen_err); + ++ new = opt_malloc(sizeof(struct dhcp_match_name)); + new->wildcard = 0; +- new->netid = id; +- id->net = opt_string_alloc(set_prefix(arg)); ++ new->netid = opt_malloc(sizeof(struct dhcp_netid)); ++ new->netid->net = opt_string_alloc(set_prefix(arg)); + + if (comma[len-1] == '*') + { +@@ -3992,6 +3999,8 @@ static int one_opt(int option, char *arg, char *errstr, char *gen_err, int comma + } + } + ++ dhcp_netid_free(new->netid); ++ free(new); + ret_err(gen_err); + } + +@@ -4367,7 +4376,7 @@ err: + case LOPT_CNAME: /* --cname */ + { + struct cname *new; +- char *alias, *target, *last, *pen; ++ char *alias, *target=NULL, *last, *pen; + int ttl = -1; + + for (last = pen = NULL, comma = arg; comma; comma = split(comma)) +@@ -4382,13 +4391,13 @@ err: + if (pen != arg && atoi_check(last, &ttl)) + last = pen; + +- target = canonicalise_opt(last); +- + while (arg != last) + { + int arglen = strlen(arg); + alias = canonicalise_opt(arg); + ++ if (!target) ++ target = canonicalise_opt(last); + if (!alias || !target) + { + free(target); +@@ -4691,7 +4700,7 @@ err: + struct name_list *nl; + if (!canon) + { +- struct name_list *tmp = new->names, *next; ++ struct name_list *tmp, *next; + for (tmp = new->names; tmp; tmp = next) + { + next = tmp->next; +-- +2.31.1 + diff --git a/repo/dnsmasq/0011-Fix-coverity-detected-issue-in-radv.c.patch b/repo/dnsmasq/0011-Fix-coverity-detected-issue-in-radv.c.patch new file mode 100644 index 0000000..d3a9819 --- /dev/null +++ b/repo/dnsmasq/0011-Fix-coverity-detected-issue-in-radv.c.patch @@ -0,0 +1,23 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0011-Fix-coverity-detected-issue-in-radv.c.patch (backport from upstream) +-- +From 9c088b29dcdb8a3e013120d8272a6e0314a8f3df Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 19:29:23 +0200 +Subject: [PATCH 11/15] Fix coverity detected issue in radv.c + +diff --git a/src/radv.c b/src/radv.c +index 3255904..6d6fa32 100644 +--- a/src/radv.c ++++ b/src/radv.c +@@ -746,6 +746,8 @@ static int add_lla(int index, unsigned int type, char *mac, size_t maclen, void + add 7 to round up */ + int len = (maclen + 9) >> 3; + unsigned char *p = expand(len << 3); ++ if (!p) ++ return 1; + memset(p, 0, len << 3); + *p++ = ICMP6_OPT_SOURCE_MAC; + *p++ = len; +-- +2.31.1 + diff --git a/repo/dnsmasq/0012-Fix-coverity-detected-issues-in-cache.c.patch b/repo/dnsmasq/0012-Fix-coverity-detected-issues-in-cache.c.patch new file mode 100644 index 0000000..b98f71f --- /dev/null +++ b/repo/dnsmasq/0012-Fix-coverity-detected-issues-in-cache.c.patch @@ -0,0 +1,23 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0012-Fix-coverity-detected-issues-in-cache.c.patch (backport from upstream) +-- +From 957b2b25238d82a6c3afced2ff0423ad171fb22e Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 20:10:37 +0200 +Subject: [PATCH 12/15] Fix coverity detected issues in cache.c + +diff --git a/src/cache.c b/src/cache.c +index 97c51a7..6722fa6 100644 +--- a/src/cache.c ++++ b/src/cache.c +@@ -1188,7 +1188,7 @@ void cache_reload(void) + struct host_record *hr; + struct name_list *nl; + struct cname *a; +- struct crec lrec; ++ struct crec lrec = { 0, }; + struct mx_srv_record *mx; + struct txt_record *txt; + struct interface_name *intr; +-- +2.31.1 + diff --git a/repo/dnsmasq/0013-Fix-coverity-issues-detected-in-domain-match.c.patch b/repo/dnsmasq/0013-Fix-coverity-issues-detected-in-domain-match.c.patch new file mode 100644 index 0000000..7b8db66 --- /dev/null +++ b/repo/dnsmasq/0013-Fix-coverity-issues-detected-in-domain-match.c.patch @@ -0,0 +1,60 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0013-Fix-coverity-issues-detected-in-domain-match.c.patch (backport from upstream) +-- +From 0dafe990a1395d597bc6022c3936769f7a0ddea7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 21:16:22 +0200 +Subject: [PATCH 13/15] Fix coverity issues detected in domain-match.c + +diff --git a/src/domain-match.c b/src/domain-match.c +index f8e4796..7124c18 100644 +--- a/src/domain-match.c ++++ b/src/domain-match.c +@@ -411,7 +411,8 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header + addr.addr4 = srv->addr; + + header->ancount = htons(ntohs(header->ancount) + 1); +- add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_A, C_IN, "4", &addr); ++ if (!add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_A, C_IN, "4", &addr)) ++ return 0; + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV6, name, (union all_addr *)&addr, NULL); + } + +@@ -426,7 +427,8 @@ size_t make_local_answer(int flags, int gotname, size_t size, struct dns_header + addr.addr6 = srv->addr; + + header->ancount = htons(ntohs(header->ancount) + 1); +- add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_AAAA, C_IN, "6", &addr); ++ if (!add_resource_record(header, limit, &trunc, sizeof(struct dns_header), &p, daemon->local_ttl, NULL, T_AAAA, C_IN, "6", &addr)) ++ return 0; + log_query((flags | F_CONFIG | F_FORWARD) & ~F_IPV4, name, (union all_addr *)&addr, NULL); + } + +@@ -609,9 +611,11 @@ int add_update_server(int flags, + + if (*domain == 0) + alloc_domain = whine_malloc(1); +- else if (!(alloc_domain = canonicalise((char *)domain, NULL))) ++ else ++ alloc_domain = canonicalise((char *)domain, NULL); ++ if (!alloc_domain) + return 0; +- ++ + /* See if there is a suitable candidate, and unmark + only do this for forwarding servers, not + address or local, to avoid delays on large numbers. */ +@@ -643,7 +647,10 @@ int add_update_server(int flags, + size = sizeof(struct server); + + if (!(serv = whine_malloc(size))) +- return 0; ++ { ++ free(alloc_domain); ++ return 0; ++ } + + if (flags & SERV_IS_LOCAL) + { +-- +2.31.1 + diff --git a/repo/dnsmasq/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch b/repo/dnsmasq/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch new file mode 100644 index 0000000..148a4b3 --- /dev/null +++ b/repo/dnsmasq/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch @@ -0,0 +1,69 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch (backport from upstream) +-- +From f476acbe3c2830e6ff0c50cc36d364a3f3f4fadb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 22:45:29 +0200 +Subject: [PATCH 14/15] Fix coverity detected issues in dnsmasq.c + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index 602daed..3e1bfe8 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -34,7 +34,6 @@ static void poll_resolv(int force, int do_reload, time_t now); + + int main (int argc, char **argv) + { +- int bind_fallback = 0; + time_t now; + struct sigaction sigact; + struct iname *if_tmp; +@@ -59,6 +58,8 @@ int main (int argc, char **argv) + int did_bind = 0; + struct server *serv; + char *netlink_warn; ++#else ++ int bind_fallback = 0; + #endif + #if defined(HAVE_DHCP) || defined(HAVE_DHCP6) + struct dhcp_context *context; +@@ -377,7 +378,7 @@ int main (int argc, char **argv) + bindtodevice(bound_device, daemon->dhcpfd); + did_bind = 1; + } +- if (daemon->enable_pxe && bound_device) ++ if (daemon->enable_pxe && bound_device && daemon->pxefd != -1) + { + bindtodevice(bound_device, daemon->pxefd); + did_bind = 1; +@@ -920,8 +921,10 @@ int main (int argc, char **argv) + my_syslog(LOG_WARNING, _("warning: failed to change owner of %s: %s"), + daemon->log_file, strerror(log_err)); + ++#ifndef HAVE_LINUX_NETWORK + if (bind_fallback) + my_syslog(LOG_WARNING, _("setting --bind-interfaces option because of OS limitations")); ++#endif + + if (option_bool(OPT_NOWILD)) + warn_bound_listeners(); +@@ -1575,7 +1578,7 @@ static void async_event(int pipe, time_t now) + { + /* block in writes until all done */ + if ((i = fcntl(daemon->helperfd, F_GETFL)) != -1) +- fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK); ++ while(retry_send(fcntl(daemon->helperfd, F_SETFL, i & ~O_NONBLOCK))); + do { + helper_write(); + } while (!helper_buf_empty() || do_script_run(now)); +@@ -1984,7 +1987,7 @@ static void check_dns_listeners(time_t now) + attribute from the listening socket. + Reset that here. */ + if ((flags = fcntl(confd, F_GETFL, 0)) != -1) +- fcntl(confd, F_SETFL, flags & ~O_NONBLOCK); ++ while(retry_send(fcntl(confd, F_SETFL, flags & ~O_NONBLOCK))); + + buff = tcp_request(confd, now, &tcp_addr, netmask, auth_dns); + +-- +2.31.1 + diff --git a/repo/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch b/repo/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch new file mode 100644 index 0000000..7f9d5d3 --- /dev/null +++ b/repo/dnsmasq/0015-Fix-coverity-issues-in-dnssec.c.patch @@ -0,0 +1,35 @@ +Patch-Source: https://src.fedoraproject.org/rpms/dnsmasq/blob/f36/f/0015-Fix-coverity-issues-in-dnssec.c.patch (backport from upstream) +-- +From 82c23fb1f0d9e46c6ce4bc4a57f0d377cc6089b7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= +Date: Fri, 3 Sep 2021 22:51:36 +0200 +Subject: [PATCH 15/15] Fix coverity issues in dnssec.c + +diff --git a/src/dnssec.c b/src/dnssec.c +index 94ebb6f..8800a5b 100644 +--- a/src/dnssec.c ++++ b/src/dnssec.c +@@ -724,7 +724,8 @@ static int validate_rrset(time_t now, struct dns_header *header, size_t plen, in + + /* namebuff used for workspace above, restore to leave unchanged on exit */ + p = (unsigned char*)(rrset[0]); +- extract_name(header, plen, &p, name, 1, 0); ++ if (!extract_name(header, plen, &p, name, 1, 0)) ++ return STAT_BOGUS; + + if (key) + { +@@ -1017,7 +1018,9 @@ int dnssec_validate_ds(time_t now, struct dns_header *header, size_t plen, char + } + + p = (unsigned char *)(header+1); +- extract_name(header, plen, &p, name, 1, 4); ++ if (!extract_name(header, plen, &p, name, 1, 4)) ++ return STAT_BOGUS; ++ + p += 4; /* qtype, qclass */ + + /* If the key needed to validate the DS is on the same domain as the DS, we'll +-- +2.31.1 + diff --git a/repo/dnsmasq/0020-Fix-crash-after-re-reading-empty-resolv.conf.patch b/repo/dnsmasq/0020-Fix-crash-after-re-reading-empty-resolv.conf.patch new file mode 100644 index 0000000..169897e --- /dev/null +++ b/repo/dnsmasq/0020-Fix-crash-after-re-reading-empty-resolv.conf.patch @@ -0,0 +1,38 @@ +Patch-Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=d290630d31f4517ab26392d00753d1397f9a4114 (upstream) +-- +From d290630d31f4517ab26392d00753d1397f9a4114 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Wed, 6 Oct 2021 22:31:06 +0100 +Subject: [PATCH] Fix crash after re-reading an empty resolv.conf file. + +If dnsmasq re-reads a resolv file, and it's empty, it will +retry after a delay. In the meantime, the old servers from the +resolv file have been deleted, but the servers_array doesn't +get updated, leading to dangling pointers and crashes. + +Thanks to Brad Jorsch for finding and analysing this bug. + +This problem was introduced in 2.86. +--- + src/dnsmasq.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/src/dnsmasq.c b/src/dnsmasq.c +index c7fa024..9516680 100644 +--- a/src/dnsmasq.c ++++ b/src/dnsmasq.c +@@ -1682,6 +1682,11 @@ static void poll_resolv(int force, int do_reload, time_t now) + } + else + { ++ /* If we're delaying things, we don't call check_servers(), but ++ reload_servers() may have deleted some servers, rendering the server_array ++ invalid, so just rebuild that here. Once reload_servers() succeeds, ++ we call check_servers() above, which calls build_server_array itself. */ ++ build_server_array(); + latest->mtime = 0; + if (!warned) + { +-- +2.20.1 + diff --git a/repo/dnsmasq/CVE-2022-0934.patch b/repo/dnsmasq/CVE-2022-0934.patch new file mode 100644 index 0000000..1381626 --- /dev/null +++ b/repo/dnsmasq/CVE-2022-0934.patch @@ -0,0 +1,189 @@ +Patch-Source: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39 (upstream) +-- +From 03345ecefeb0d82e3c3a4c28f27c3554f0611b39 Mon Sep 17 00:00:00 2001 +From: Simon Kelley +Date: Thu, 31 Mar 2022 21:35:20 +0100 +Subject: [PATCH] Fix write-after-free error in DHCPv6 code. CVE-2022-0934 + refers. + +--- + CHANGELOG | 3 +++ + src/rfc3315.c | 48 +++++++++++++++++++++++++++--------------------- + 2 files changed, 30 insertions(+), 21 deletions(-) + +diff --git a/CHANGELOG b/CHANGELOG +index 87d6c2b..4bc7fb1 100644 +--- a/CHANGELOG ++++ b/CHANGELOG +@@ -55,6 +55,9 @@ version 2.87 + doesn't require hard-coding addresses. Thanks to Sten Spans for + the idea. + ++ Fix write-after-free error in DHCPv6 server code. ++ CVE-2022-0934 refers. ++ + + version 2.86 + Handle DHCPREBIND requests in the DHCPv6 server code. +diff --git a/src/rfc3315.c b/src/rfc3315.c +index cee8382..e218d26 100644 +--- a/src/rfc3315.c ++++ b/src/rfc3315.c +@@ -33,9 +33,9 @@ struct state { + unsigned int mac_len, mac_type; + }; + +-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, ++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, + struct in6_addr *client_addr, int is_unicast, time_t now); +-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now); ++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now); + static void log6_opts(int nest, unsigned int xid, void *start_opts, void *end_opts); + static void log6_packet(struct state *state, char *type, struct in6_addr *addr, char *string); + static void log6_quiet(struct state *state, char *type, struct in6_addr *addr, char *string); +@@ -104,12 +104,12 @@ unsigned short dhcp6_reply(struct dhcp_context *context, int interface, char *if + } + + /* This cost me blood to write, it will probably cost you blood to understand - srk. */ +-static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, ++static int dhcp6_maybe_relay(struct state *state, unsigned char *inbuff, size_t sz, + struct in6_addr *client_addr, int is_unicast, time_t now) + { + void *end = inbuff + sz; + void *opts = inbuff + 34; +- int msg_type = *((unsigned char *)inbuff); ++ int msg_type = *inbuff; + unsigned char *outmsgtypep; + void *opt; + struct dhcp_vendor *vendor; +@@ -259,15 +259,15 @@ static int dhcp6_maybe_relay(struct state *state, void *inbuff, size_t sz, + return 1; + } + +-static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_t sz, int is_unicast, time_t now) ++static int dhcp6_no_relay(struct state *state, int msg_type, unsigned char *inbuff, size_t sz, int is_unicast, time_t now) + { + void *opt; +- int i, o, o1, start_opts; ++ int i, o, o1, start_opts, start_msg; + struct dhcp_opt *opt_cfg; + struct dhcp_netid *tagif; + struct dhcp_config *config = NULL; + struct dhcp_netid known_id, iface_id, v6_id; +- unsigned char *outmsgtypep; ++ unsigned char outmsgtype; + struct dhcp_vendor *vendor; + struct dhcp_context *context_tmp; + struct dhcp_mac *mac_opt; +@@ -296,12 +296,13 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + v6_id.next = state->tags; + state->tags = &v6_id; + +- /* copy over transaction-id, and save pointer to message type */ +- if (!(outmsgtypep = put_opt6(inbuff, 4))) ++ start_msg = save_counter(-1); ++ /* copy over transaction-id */ ++ if (!put_opt6(inbuff, 4)) + return 0; + start_opts = save_counter(-1); +- state->xid = outmsgtypep[3] | outmsgtypep[2] << 8 | outmsgtypep[1] << 16; +- ++ state->xid = inbuff[3] | inbuff[2] << 8 | inbuff[1] << 16; ++ + /* We're going to be linking tags from all context we use. + mark them as unused so we don't link one twice and break the list */ + for (context_tmp = state->context; context_tmp; context_tmp = context_tmp->current) +@@ -347,7 +348,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + (msg_type == DHCP6REQUEST || msg_type == DHCP6RENEW || msg_type == DHCP6RELEASE || msg_type == DHCP6DECLINE)) + + { +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + o1 = new_opt6(OPTION6_STATUS_CODE); + put_opt6_short(DHCP6USEMULTI); + put_opt6_string("Use multicast"); +@@ -619,11 +620,11 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + struct dhcp_netid *solicit_tags; + struct dhcp_context *c; + +- *outmsgtypep = DHCP6ADVERTISE; ++ outmsgtype = DHCP6ADVERTISE; + + if (opt6_find(state->packet_options, state->end, OPTION6_RAPID_COMMIT, 0)) + { +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + state->lease_allocate = 1; + o = new_opt6(OPTION6_RAPID_COMMIT); + end_opt6(o); +@@ -809,7 +810,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + int start = save_counter(-1); + + /* set reply message type */ +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + state->lease_allocate = 1; + + log6_quiet(state, "DHCPREQUEST", NULL, ignore ? _("ignored") : NULL); +@@ -924,7 +925,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + int address_assigned = 0; + + /* set reply message type */ +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + + log6_quiet(state, msg_type == DHCP6RENEW ? "DHCPRENEW" : "DHCPREBIND", NULL, NULL); + +@@ -1057,7 +1058,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + int good_addr = 0; + + /* set reply message type */ +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + + log6_quiet(state, "DHCPCONFIRM", NULL, NULL); + +@@ -1121,7 +1122,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + log6_quiet(state, "DHCPINFORMATION-REQUEST", NULL, ignore ? _("ignored") : state->hostname); + if (ignore) + return 0; +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + tagif = add_options(state, 1); + break; + } +@@ -1130,7 +1131,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + case DHCP6RELEASE: + { + /* set reply message type */ +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + + log6_quiet(state, "DHCPRELEASE", NULL, NULL); + +@@ -1195,7 +1196,7 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + case DHCP6DECLINE: + { + /* set reply message type */ +- *outmsgtypep = DHCP6REPLY; ++ outmsgtype = DHCP6REPLY; + + log6_quiet(state, "DHCPDECLINE", NULL, NULL); + +@@ -1275,7 +1276,12 @@ static int dhcp6_no_relay(struct state *state, int msg_type, void *inbuff, size_ + } + + } +- ++ ++ /* Fill in the message type. Note that we store the offset, ++ not a direct pointer, since the packet memory may have been ++ reallocated. */ ++ ((unsigned char *)(daemon->outpacket.iov_base))[start_msg] = outmsgtype; ++ + log_tags(tagif, state->xid); + log6_opts(0, state->xid, daemon->outpacket.iov_base + start_opts, daemon->outpacket.iov_base + save_counter(-1)); + +-- +2.20.1 + diff --git a/repo/dnsmasq/config.h.patch b/repo/dnsmasq/config.h.patch new file mode 100644 index 0000000..7847696 --- /dev/null +++ b/repo/dnsmasq/config.h.patch @@ -0,0 +1,12 @@ +Adjust defaults. + +--- a/src/config.h ++++ b/src/config.h +@@ -47,2 +47,2 @@ +-#define CHUSER "nobody" +-#define CHGRP "dip" ++#define CHUSER "dnsmasq" ++#define CHGRP "dnsmasq" +@@ -231 +231 @@ +-# define RUNFILE "/var/run/dnsmasq.pid" ++# define RUNFILE "/run/dnsmasq.pid" diff --git a/repo/dnsmasq/dnsmasq-dnssec.pre-install b/repo/dnsmasq/dnsmasq-dnssec.pre-install new file mode 100644 index 0000000..708c15b --- /dev/null +++ b/repo/dnsmasq/dnsmasq-dnssec.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S dnsmasq 2>/dev/null +adduser -S -D -H -h /dev/null -s /sbin/nologin -G dnsmasq -g dnsmasq dnsmasq 2>/dev/null + +exit 0 diff --git a/repo/dnsmasq/dnsmasq-dnssec.pre-upgrade b/repo/dnsmasq/dnsmasq-dnssec.pre-upgrade new file mode 100644 index 0000000..708c15b --- /dev/null +++ b/repo/dnsmasq/dnsmasq-dnssec.pre-upgrade @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S dnsmasq 2>/dev/null +adduser -S -D -H -h /dev/null -s /sbin/nologin -G dnsmasq -g dnsmasq dnsmasq 2>/dev/null + +exit 0 diff --git a/repo/dnsmasq/dnsmasq.conf.patch b/repo/dnsmasq/dnsmasq.conf.patch new file mode 100644 index 0000000..e3d7df4 --- /dev/null +++ b/repo/dnsmasq/dnsmasq.conf.patch @@ -0,0 +1,38 @@ +--- a/dnsmasq.conf.example ++++ b/dnsmasq.conf.example +@@ -21,8 +21,8 @@ + #bogus-priv + + # Uncomment these to enable DNSSEC validation and caching: +-# (Requires dnsmasq to be built with DNSSEC option.) +-#conf-file=%%PREFIX%%/share/dnsmasq/trust-anchors.conf ++# (Requires dnsmasq-dnssec package to be installed) ++#conf-file=/usr/share/dnsmasq/trust-anchors.conf + #dnssec + + # Replies which are not DNSSEC signed may be legitimate, because the domain +@@ -96,9 +96,13 @@ + + # If you want dnsmasq to change uid and gid to something other + # than the default, edit the following lines. +-#user= +-#group= ++#user=dnsmasq ++#group=dnsmasq + ++# Serve DNS and DHCP only to networks directly connected to this machine. ++# Any interface= line will override it. ++local-service ++ + # If you want dnsmasq to listen for DHCP and DNS requests only on + # specified interfaces (and the loopback) give the name of the + # interface (eg eth0) here. +@@ -671,7 +675,7 @@ + #conf-dir=/etc/dnsmasq.d,.bak + + # Include all files in a directory which end in .conf +-#conf-dir=/etc/dnsmasq.d/,*.conf ++conf-dir=/etc/dnsmasq.d/,*.conf + + # If a DHCP client claims that its name is "wpad", ignore that. + # This fixes a security hole. see CERT Vulnerability VU#598349 diff --git a/repo/dnsmasq/dnsmasq.confd b/repo/dnsmasq/dnsmasq.confd new file mode 100644 index 0000000..564a25d --- /dev/null +++ b/repo/dnsmasq/dnsmasq.confd @@ -0,0 +1,22 @@ +# Configuration for /etc/init.d/dnsmasq + +# Path to the dnsmasq configuration file. +#cfgfile="/etc/dnsmasq.conf" + +# Location where to store DHCP leases (sets --dhcp-leasefile). +#leasefile="/var/lib/misc/$RC_SVCNAME.leases" + +# Whether to automatically set up a network bridge when the init script is +# a symlink with suffix (e.g. /etc/init.d/dnsmasq.br0). +#setup_bridge=yes + +# User and group to change to after startup. +#user="dnsmasq" +#group="dnsmasq" + +# Additional options to pass to the dnsmasq. +# See the dnsmasq(8) man page for more information. +#command_args= + +# Uncomment to run with process supervisor. +# supervisor=supervise-daemon diff --git a/repo/dnsmasq/dnsmasq.initd b/repo/dnsmasq/dnsmasq.initd new file mode 100644 index 0000000..be09548 --- /dev/null +++ b/repo/dnsmasq/dnsmasq.initd @@ -0,0 +1,151 @@ +#!/sbin/openrc-run + +description="A lightweight DNS, DHCP, RA, TFTP and PXE server" + +extra_commands="checkconfig" +description_checkconfig="Check configuration syntax" + +extra_started_commands="reload" +description_reload="Clear cache and reload hosts files" + +# DNSMASQ_CONFFILE is here for backward compatibility (Alpine <3.16). +: ${cfgfile:=${DNSMASQ_CONFFILE:-"/etc/dnsmasq.conf"}} +: ${leasefile:="/var/lib/misc/$RC_SVCNAME.leases"} +: ${user:="dnsmasq"} +: ${group:="dnsmasq"} +: ${setup_bridge:="yes"} + +command="/usr/sbin/dnsmasq" +# Tell dnsmasq to not create pidfile, that's responsibility of init system. +# DNSMASQ_OPTS is here for backward compatibility (Alpine <3.16). +command_args="--keep-in-foreground --pid-file= $DNSMASQ_OPTS $command_args --conf-file=$cfgfile" +command_background="yes" +pidfile="/run/$RC_SVCNAME.pid" + +if [ "${RC_SVCNAME#*.}" != "$RC_SVCNAME" ] && yesno "$setup_bridge"; then + BRIDGE="${RC_SVCNAME#*.}" + : ${BRIDGE_ADDR:="10.0.3.1"} + : ${BRIDGE_NETMASK:="255.255.255.0"} + : ${BRIDGE_NETWORK:="10.0.3.0/24"} + : ${BRIDGE_DHCP_RANGE:="10.0.3.2,10.0.3.254"} + : ${BRIDGE_DHCP_MAX:="253"} + : ${BRIDGE_MAC:="00:16:3e:00:00:00" } + : ${DNSMASQ_LISTEN_BRIDGE_ADDR:=yes} +fi + +depend() { + provide dns + need localmount net + after bootmisc + use logger +} + +setup_firewall() { + local ins=$1 add=$2 + + iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 67 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p udp --dport 53 -j ACCEPT + iptables -w $ins INPUT -i "$BRIDGE" -p tcp --dport 53 -j ACCEPT + iptables -w $ins FORWARD -i "$BRIDGE" -j ACCEPT + iptables -w $ins FORWARD -o "$BRIDGE" -j ACCEPT + iptables -w -t nat $add POSTROUTING -s "$BRIDGE_NETWORK" ! -d "$BRIDGE_NETWORK" -j MASQUERADE + iptables -w -t mangle $add POSTROUTING -o "$BRIDGE" -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + + if yesno "$BRIDGE_IPV6_NAT" && [ -n "$BRIDGE_IPV6_NETWORK" ]; then + ip6tables -w -t nat $add POSTROUTING -s "$BRIDGE_IPV6_NETWORK" ! -d "$BRIDGE_IPV6_NETWORK" -j MASQUERADE + fi +} + +setup_bridge() { + einfo "Creating bridge $BRIDGE" + + if ! [ -d "/sys/class/net/$BRIDGE" ]; then + ip link add dev "$BRIDGE" type bridge + fi + + local addr + ip link set dev "$BRIDGE" address "$BRIDGE_MAC" \ + && for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + case "$addr" in + */*) ip addr add "$addr" dev "$BRIDGE";; + *) ip addr add "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";; + esac + done \ + && ip link set dev "$BRIDGE" up + + echo 1 > /proc/sys/net/ipv4/ip_forward + echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/accept_dad" || true + + if [ -n "$BRIDGE_IPV6_ADDR" ] && [ -n "$BRIDGE_IPV6_MASK" ] && [ "$BRIDGE_IPV6_NETWORK" ]; then + echo 1 > /proc/sys/net/ipv6/conf/all/forwarding + echo 0 > "/proc/sys/net/ipv6/conf/$BRIDGE/autoconf" + + ip -6 addr add dev "$BRIDGE" "$BRIDGE_IPV6_ADDR/$BRIDGE_IPV6_MASK" + + command_args="$command_args --dhcp-range=$BRIDGE_IPV6_ADDR,ra-only --listen-address $BRIDGE_IPV6_ADDR" + fi + +} + +start_pre() { + $command --test --conf-file="$cfgfile" >/dev/null 2>&1 \ + || $command --test \ + || return 1 + + checkpath -m 0644 -o "$user:$group" -f "$leasefile" || return 1 + + if [ -n "$BRIDGE" ]; then + setup_bridge + if ! yesno "$DISABLE_IPTABLES"; then + setup_firewall -I -A + fi + if yesno "$DNSMASQ_LISTEN_BRIDGE_ADDR"; then + local addr; for addr in $BRIDGE_ADDR; do + command_args="$command_args --listen-address ${addr%/*}" + done + fi + command_args="$command_args --strict-order --bind-interfaces --except-interface=lo --interface=$BRIDGE" + command_args="$command_args --dhcp-range $BRIDGE_DHCP_RANGE --dhcp-lease-max=$BRIDGE_DHCP_MAX --dhcp-no-override --dhcp-leasefile=$leasefile --dhcp-authoritative" + fi +} + +stop_post() { + if [ -n "$BRIDGE" ]; then + local addr; for addr in $BRIDGE_ADDR $BRIDGE_ADDR_EXTRA; do + case "$addr" in + */*) ip addr del "$addr" dev "$BRIDGE";; + *) ip addr del "$addr/$BRIDGE_NETMASK" dev "$BRIDGE";; + esac + done + ip link set dev "$BRIDGE" down + if ! yesno "$DISABLE_IPTABLES"; then + setup_firewall -D -D + fi + # dont destroy if there are attached interfaces + ls /sys/class/net/"$BRIDGE"/brif/* > /dev/null 2>&1 || ip link delete "$BRIDGE" + fi +} + +reload() { + ebegin "Reloading $RC_SVCNAME" + + $command --test --conf-file="$cfgfile" >/dev/null 2>&1 \ + || $command --test \ + || return 1 + + if [ "$supervisor" ]; then + $supervisor "$RC_SVCNAME" --signal HUP + else + start-stop-daemon --signal HUP --pidfile "$pidfile" + fi + eend $? +} + +checkconfig() { + ebegin "Checking $RC_SVCNAME configuration" + + $command --test --conf-file="$cfgfile" + + eend $? +} diff --git a/repo/dnsmasq/dnsmasq.pre-install b/repo/dnsmasq/dnsmasq.pre-install new file mode 100644 index 0000000..708c15b --- /dev/null +++ b/repo/dnsmasq/dnsmasq.pre-install @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S dnsmasq 2>/dev/null +adduser -S -D -H -h /dev/null -s /sbin/nologin -G dnsmasq -g dnsmasq dnsmasq 2>/dev/null + +exit 0 diff --git a/repo/dnsmasq/dnsmasq.pre-upgrade b/repo/dnsmasq/dnsmasq.pre-upgrade new file mode 100644 index 0000000..708c15b --- /dev/null +++ b/repo/dnsmasq/dnsmasq.pre-upgrade @@ -0,0 +1,6 @@ +#!/bin/sh + +addgroup -S dnsmasq 2>/dev/null +adduser -S -D -H -h /dev/null -s /sbin/nologin -G dnsmasq -g dnsmasq dnsmasq 2>/dev/null + +exit 0 diff --git a/repo/dnsmasq/dnsmasq.xibuild b/repo/dnsmasq/dnsmasq.xibuild new file mode 100644 index 0000000..9865e79 --- /dev/null +++ b/repo/dnsmasq/dnsmasq.xibuild @@ -0,0 +1,64 @@ +#!/bin/sh + +NAME="dnsmasq" +DESC="A lightweight DNS, DHCP, RA, TFTP and PXE server" + +MAKEDEPS="linux-headers nettle" + +PKG_VER=2.86 +SOURCE="https://www.thekelleys.org.uk/dnsmasq/dnsmasq-$PKG_VER.tar.xz" + +ADDITIONAL=" +0000-fix-heap-overflow-in-dns-replies.patch +0001-Retry-on-interrupted-error-in-tftp.patch +0002-Add-safety-checks-to-places-pointed-by-Coverity.patch +0003-Small-safeguard-to-unexpected-data.patch +0004-Fix-bunch-of-warnings-in-auth.c.patch +0005-Fix-few-coverity-warnings-in-lease-tools.patch +0006-Fix-coverity-formats-issues-in-blockdata.patch +0007-Retry-dhcp6-ping-on-interrupts.patch +0008-Fix-coverity-warnings-on-dbus.patch +0009-Address-coverity-issues-detected-in-util.c.patch +0010-Fix-coverity-detected-issues-in-option.c.patch +0011-Fix-coverity-detected-issue-in-radv.c.patch +0012-Fix-coverity-detected-issues-in-cache.c.patch +0013-Fix-coverity-issues-detected-in-domain-match.c.patch +0014-Fix-coverity-detected-issues-in-dnsmasq.c.patch +0015-Fix-coverity-issues-in-dnssec.c.patch +0020-Fix-crash-after-re-reading-empty-resolv.conf.patch +CVE-2022-0934.patch +config.h.patch +dnsmasq-dnssec.pre-install +dnsmasq-dnssec.pre-upgrade +dnsmasq.conf.patch +dnsmasq.confd +dnsmasq.initd +dnsmasq.pre-install +dnsmasq.pre-upgrade +" + +prepare () { + apply_patches +} + +build() { + make CFLAGS="$CFLAGS" COPTS="-DHAVE_DNSSEC" all + mv src/dnsmasq src/dnsmasq~dnssec + + make CFLAGS="$CFLAGS" clean all +} + +# dnsmasq doesn't provide any test suite (shame on them!), so just check that +# the binary isn't totally broken... +check() { + ./src/dnsmasq --help >/dev/null +} + +package() { + provider_priority=100 # highest (other provider is dnsmasq-dnssec) + + make PREFIX=/usr DESTDIR="$PKG_DEST" install + + install -D -m755 "$BUILD_ROOT"/dnsmasq.initd "$PKG_DEST"/etc/init.d/dnsmasq + install -D -m644 "$BUILD_ROOT"/dnsmasq.confd "$PKG_DEST"/etc/conf.d/dnsmasq +} diff --git a/repo/docbook2x/01_fix_static_datadir_evaluation.patch b/repo/docbook2x/01_fix_static_datadir_evaluation.patch new file mode 100644 index 0000000..5241dc3 --- /dev/null +++ b/repo/docbook2x/01_fix_static_datadir_evaluation.patch @@ -0,0 +1,19 @@ +Description: + 01_fix_static_datadir_evaluation.dpatch by Daniel Leidert (dale) + All lines beginning with `## DP:' are a description of the patch. + The evaluation of datadir results in "${prefix}/share" without + evaluation of the ${prefix} variable with autoconf 2.60. + +Index: docbook2X-0.8.8/configure.ac +=================================================================== +--- docbook2X-0.8.8.orig/configure.ac ++++ docbook2X-0.8.8/configure.ac +@@ -148,7 +148,7 @@ + dnl they will reside and should use these static_* values. + dnl Ensure that all static_* are fully expanded. + +-eval static_datadir="$datadir" ++eval eval static_datadir="$datadir" + + eval static_bindir="$bindir" + old_val="" diff --git a/repo/docbook2x/02_fix_418703_dont_use_abbreviated_sfnet_address.patch b/repo/docbook2x/02_fix_418703_dont_use_abbreviated_sfnet_address.patch new file mode 100644 index 0000000..681047a --- /dev/null +++ b/repo/docbook2x/02_fix_418703_dont_use_abbreviated_sfnet_address.patch @@ -0,0 +1,27 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_fix_418703_dont_use_abbreviated_sfnet_address.dpatch by Daniel Leidert (dale) +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Ondrej Certik reported a resolver issue: http://bugs.debian.org/418703. +## DP: The error seems to be caused by using the abbreviated sf.net URLs. But +## DP: it is possible, that this issue only occurs together with the issue +## DP: described in 01_fix_static_datadir_evaluation.dpatch, because the path +## DP: to the catalog also suffers from this issue. + +@DPATCH@ +diff -urNad docbook2x-0.8.8~/perl/db2x_xsltproc.pl docbook2x-0.8.8/perl/db2x_xsltproc.pl +--- docbook2x-0.8.8~/perl/db2x_xsltproc.pl 2004-08-18 16:21:52.000000000 +0200 ++++ docbook2x-0.8.8/perl/db2x_xsltproc.pl 2007-04-12 16:07:20.000000000 +0200 +@@ -110,10 +110,10 @@ + + if($options->{'stylesheet'} eq 'texi') { + $options->{'stylesheet'} = +- "http://docbook2x.sf.net/latest/xslt/texi/docbook.xsl"; ++ "http://docbook2x.sourceforge.net/latest/xslt/texi/docbook.xsl"; + } elsif($options->{'stylesheet'} eq 'man') { + $options->{'stylesheet'} = +- "http://docbook2x.sf.net/latest/xslt/man/docbook.xsl"; ++ "http://docbook2x.sourceforge.net/latest/xslt/man/docbook.xsl"; + } + + if(scalar(@argv) != 1) { diff --git a/repo/docbook2x/03_fix_420153_filename_whitespace_handling.patch b/repo/docbook2x/03_fix_420153_filename_whitespace_handling.patch new file mode 100644 index 0000000..26cdf8e --- /dev/null +++ b/repo/docbook2x/03_fix_420153_filename_whitespace_handling.patch @@ -0,0 +1,43 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 03_fix_420153_filename_whitespace_handling.dpatch by +## Daniel Leidert (dale) +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: Peter Eisentraut reported a regression in the whitespace handling of +## DP: refentrytitle content during filename creation: +## DP: http://bugs.debian.org/420153. The problem is, that upstream first +## DP: replaces all spaces (but not linebreaks btw) with underlines and then +## DP: it tries to normalize the result. This means, that a linebreak with +## DP: additional whitespaces results in manpage names like 'foo_ ____bar.9'. +## DP: So what we basically do in this patch is, that we first normalize the +## DP: refentrytitle and then replace any spaces left with underlines. + +@DPATCH@ +diff -urNad docbook2x-0.8.8~/xslt/man/manpage.xsl docbook2x-0.8.8/xslt/man/manpage.xsl +--- docbook2x-0.8.8~/xslt/man/manpage.xsl 2006-04-20 15:45:55.000000000 +0200 ++++ docbook2x-0.8.8/xslt/man/manpage.xsl 2007-04-20 16:19:28.000000000 +0200 +@@ -30,7 +30,7 @@ + + + +- ++ + + + +diff -urNad docbook2x-0.8.8~/xslt/man/refentry.xsl docbook2x-0.8.8/xslt/man/refentry.xsl +--- docbook2x-0.8.8~/xslt/man/refentry.xsl 2006-04-21 04:39:55.000000000 +0200 ++++ docbook2x-0.8.8/xslt/man/refentry.xsl 2007-04-20 16:21:53.000000000 +0200 +@@ -38,7 +38,11 @@ + + + +- ++ ++ ++ ++ ++ + +